a4044c092f383ea9fe37536ecca3ecc24f055fb4204b50ddd64509fa6aac31e5

Sharing

Copy URL

Twitter E-mail

General

Target

a4044c092f383ea9fe37536ecca3ecc24f055fb4204b50ddd64509fa6aac31e5
Size

2.0MB
MD5

9e92d5de310752dc1541d406855a6fe9
SHA1

99be740b8ba2eadfb4d6b660b503f2ed8e6bf9af
SHA256

a4044c092f383ea9fe37536ecca3ecc24f055fb4204b50ddd64509fa6aac31e5
SHA512

4835ca63ea9092d9bc5d36b321e311109a12399eea2c0b638c124e826846c5f0a91a13472e563b71478b19250f702ebbbcb5bf2de626c6a8da3ab0e680be41d7
SSDEEP

49152:9474+eGpB1MvPfxSXSVKi0hH3JZH9y+/yx/i8aFXWBH4cSSfaUO1:YeGr1NXG0h/H9y+qk8iWBYV

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs
Detects executables packed with VMProtect commercial packer.
vmprotect

Processes:

resource yara_rule

sample vmprotect
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.

Processes:

resource

a4044c092f383ea9fe37536ecca3ecc24f055fb4204b50ddd64509fa6aac31e5

resource	yara_rule
sample	vmprotect

resource
a4044c092f383ea9fe37536ecca3ecc24f055fb4204b50ddd64509fa6aac31e5

Files

a4044c092f383ea9fe37536ecca3ecc24f055fb4204b50ddd64509fa6aac31e5
.exe windows:5 windows x86 arch:x86

d3a7c372e3f9d709b38ce67a9f163743

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

LCMapStringW
GetModuleFileNameW
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

user32

CharUpperBuffW

gdi32

BitBlt

advapi32

RegEnumKeyA

ole32

DoDragDrop

oleaut32

SystemTimeToVariantTime

msimg32

AlphaBlend

comctl32

ImageList_GetIconSize

shlwapi

PathIsUNCA

wininet

InternetOpenA

oleacc

LresultFromObject

gdiplus

GdipFree

imm32

ImmGetContext

winmm

PlaySoundA

winspool.drv

ClosePrinter

comdlg32

GetFileTitleA

shell32

DragFinish

msvcrt

strncpy

iphlpapi

GetInterfaceInfo

psapi

GetMappedFileNameW

Sections

.MPRESS1
Size: - Virtual size: 3.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.sedata
Size: - Virtual size: 776KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: - Virtual size: 48KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.sedata
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.vmp1
Size: - Virtual size: 525KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp2
Size: 1.9MB - Virtual size: 1.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 46KB - Virtual size: 45KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

d3a7c372e3f9d709b38ce67a9f163743

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

ole32

oleaut32

msimg32

comctl32

shlwapi

wininet

oleacc

gdiplus

imm32

winmm

winspool.drv

comdlg32

shell32

msvcrt

iphlpapi

psapi

Sections

.MPRESS1 Size: - Virtual size: 3.2MB

.sedata Size: - Virtual size: 776KB

.idata Size: - Virtual size: 4KB

.vmp0 Size: - Virtual size: 48KB

.sedata Size: - Virtual size: 4KB

.vmp1 Size: - Virtual size: 525KB

.vmp2 Size: 1.9MB - Virtual size: 1.9MB

.rsrc Size: 46KB - Virtual size: 45KB

.MPRESS1
Size: - Virtual size: 3.2MB

.sedata
Size: - Virtual size: 776KB

.idata
Size: - Virtual size: 4KB

.vmp0
Size: - Virtual size: 48KB

.sedata
Size: - Virtual size: 4KB

.vmp1
Size: - Virtual size: 525KB

.vmp2
Size: 1.9MB - Virtual size: 1.9MB

.rsrc
Size: 46KB - Virtual size: 45KB